From 3fdb5a93f414f2553a8467cb15adfeb149cbbead Mon Sep 17 00:00:00 2001 From: Ad Schellevis Date: Fri, 18 Nov 2016 15:43:40 +0100 Subject: [PATCH] (auth/ldap) disable error reporting on connect, to prevent api to signal authentication errors as issues. exception 'Exception' with message 'Error at /usr/local/opnsense/mvc/app/library/OPNsense/Auth/LDAP.php:236 - ldap_bind(): Unable to bind to server: Invalid credentials (errno=2)' in /usr/local/opnsense/mvc/app/controllers/OPNsense/Base/ApiControllerBase.php:84 Stack trace: 0 [internal function]: OPNsense\Base\ApiControllerBase->APIErrorHandler(2, --- .../mvc/app/library/OPNsense/Auth/LDAP.php | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/src/opnsense/mvc/app/library/OPNsense/Auth/LDAP.php b/src/opnsense/mvc/app/library/OPNsense/Auth/LDAP.php index e5380c5f5..d809d221e 100644 --- a/src/opnsense/mvc/app/library/OPNsense/Auth/LDAP.php +++ b/src/opnsense/mvc/app/library/OPNsense/Auth/LDAP.php @@ -225,6 +225,13 @@ class LDAP implements IAuthConnector */ public function connect($bind_url, $userdn = null, $password = null, $timeout = 30) { + $retval = false; + set_error_handler( + function () { + null; + } + ); + $this->closeLDAPHandle(); $this->ldapHandle = @ldap_connect($bind_url); @@ -235,14 +242,17 @@ class LDAP implements IAuthConnector ldap_set_option($this->ldapHandle, LDAP_OPT_PROTOCOL_VERSION, (int)$this->ldapVersion); $bindResult = @ldap_bind($this->ldapHandle, $userdn, $password); if ($bindResult) { - return true; + $retval = true; } else { syslog(LOG_ERR, 'LDAP bind error (' . ldap_error($this->ldapHandle).')'); } } - $this->ldapHandle = null; - return false; + restore_error_handler(); + if (!$retval) { + $this->ldapHandle = null; + } + return $retval; } /**